php Search field not working

Question

I have seen one's very like, and pretty much identical to mine on this site, and others across the web. However, after spending three days on multiple forums and youtube, my script does not seem to be working correctly.

I've built a simple page that allows me to track my vehicle miles, and I want to be able to search the table by Location. Everything works fine except the search function. The table is displayed on the page, filled with all the rows from the sql table. When I type in the search field and click submit, however, the search result is not displayed. Nothing is happening at all.

To help you out a little bit, I will post my code along with my server, php version, and mysql version.

phpMyAdmin: 4.0.10.7

Database Server:

Server: Localhost via UNIX socket

Server type: MySQL

Server version: 5.5.46-cll - MySQL Community Server (GPL)

Protocol version: 10

Server charset: UTF-8 Unicode (utf8)

Web Server:

cpsrvd 11.52.1.3

Database client version: libmysql - 5.1.73

PHP extension: mysqli

<?php
session_start();
if(empty($_SESSION['user']))
{
echo "      <script>window.top.location='https://mysitehere.com/milelog/login/login2.php'</script>";
exit;
}
?>

<?php
include_once 'carselect/function.php';
connect()
?>

<?php
//The File for the Database Connection
include('editentry/con.php');

//The SQL Query
$table = "SELECT * FROM milelog ";

If($_POST){

$input = mysql_real_escape_string($_POST['location']);

$table .= "WHERE Location = '$input'";
}


$show = mysql_query($table) or die(mysql_error());


?>

<html>

<head>

<link rel="stylesheet" type="text/css" href="css/milestyle.css">

</head>

<body class="body">
<div style="border: 1px solid; background-color: silver;"><div class="menuwrap"><ul class="sonarmenu" style="padding: 0 !important;">
<li><a href="addentry.php">Log</a></li>
<li><a href="addcar.php">Add Car</a></li>
<li><a href="list.php">Edit Entry</a></li>
<li><a href="login/logout.php">Log Out</a></li>
</ul>
</div></div>

<form name="search" action="search.php" method="post">
<input name="location" value="" type="text" />
<input type="submit" value="search" name"search" />
</form>

<table class="table">
<tr>
<td>ID</td>
<td>Car</td>
<td>Date</td>
<td>Location</td>
<td>Miles</td>
<td></td>
<td></td>
</tr> 
<?php while ($row = mysql_fetch_array($show)) {
echo "<tr><td>".$row['id']."</td>";
echo "<td>".$row['Car']."</td>";
echo "<td>".$row['Date']."</td>";
echo "<td>".$row['Location']."</td>";
echo "<td>".$row['Miles']."</td>";
echo "<td><a href='editentry/delete2.php?id=".$row['id']."'>Delete</a></td>    <tr>";
 }
?>
</table>


</body>
</html>

After 3 long days of researching and not getting anywhere, I don't know what else to do.

Answer 1

You're using mysql_real_escape_string, which was deprecated in PHP 5.5.0 and removed in 7.0.0. The change below will work, but it's not a true solution:

Change

$input = mysql_real_escape_string($_POST['location']);

to

$input = $_POST['location'];

This still leaves you (even more) vulnerable to SQL injection, so you should really be using prepared statements. See the manual for a full example.

Note that as @self indicated, the test if($_POST) is not the correct way to check whether a post has occurred. One correct way is this (see this answer for details):

if ($_SERVER['REQUEST_METHOD'] == 'POST')